Is  Your  Data  Safe  Offshore? 
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NEWS  SPECIAL  REPORT 


Security  Expectations, 
Response  lose  in  India 


HThe  ability  for 
employees  to 
carry  data  out  of  the 
facility  is  minimized 
to  what  they  can 
carry  in  their  heads. 


NEWS  SPECIAL  REPORT 


Security  Expectations, 
Response  Rise  in  India 


M  The  ability  for 
employees  to 
cany  data  out  of  the 
facility  is  minimized 
to  what  they  can 
carry  in  their  heads. 
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Overcoming  the 
Piracy  Stigma  m  China 

|  secrets  and  business  data." 

|  said  Walter  Fang,  group  vice 

I  gy  officer  at  Neusoft  Group 

Ltd.,  a  Chinese  software  com- 
1  pany  based  in  the  northeast- 
|  em  city  of  Shenyang.  Neusoft 
|  employs  1.500  developers  who 

1  k  Neusoft  allocates  separate 

sourced  development  projects. 
BearingPoint  has  offered  to  in- 

At  Bleum's  highest  level  of 
security.  Rongley  said,  the 
company  offers  a  "shadow 
group"  of  developers  who  are 

PROVIDERS  ‘OVERCOMPENSATE'  FOR  THE  RISK.  BY  SUMNER  LEMON  SHANGHAI 

1  1  If ALK  in*0  the access-  intellectual  property  protec- 

UM  controlled  room  lull  of  tion  stems  largely  from  the 
■■  software  developers  at  widespread  availability  of  pi- 

■  ■  Bleum  Inc.'s  headquar-  rated  DVD  movies  and  soft- 
ters  here  and  you  can  t  miss  ware.  Last  month,  the  Business 

|  the  slogan  written  in  large  Software  Alliance  in  Washing- 

!  blue  and  black  letters  that  ton  estimated  that  92%  of  soft- 

|  such  as  Toshiba  Corp.  and 

1  Alpine  Electronics  Inc.,  and  it 

ings  to  staff  working  with 

On-site  offices  are  bailable 
to  each  client’s  project  man- 

vide  them  with  individual 

given  financial  incentives  to 
uncover  vulnerabilities  in  soft¬ 
ware  developed  by  the  lead 

The  shadow  developers  ex¬ 
amine  the  code  for  security 
holes  such  as  back  doors  or 
opportunities  for  buffer  over- 

ers  to  run  executable  code. 

The  message  is  there  to  gaL  That  figure  tied  the  cotin- 
f **  3 .COnstantfr^1'1"d^r  try  wjth  Vietnam  for  the  dubi- 


Toronto,  Ontario,  Canada 
September  8 
Los  Angeles,  September  15 
Boston,  September  21 
Minneapolis,  October  5 
Sao  Paulo,  Brazil 
October  5 


At  an  EMC  Forum,  see  how  today’s  storage  and  information  management 

STRATEGIES  CAN  HELP  YOU  SOLVE  YOUR  BIGGEST  IT  CHALLENGES. 


NEWS 


AT  DEADLINE 


Storage  Subsystem 
Out  of  Longhorn 


CflllWIMIIK 


There  is  no  one, 
single  solution 
to  security. 


EMC  Unveils  NAS  Devices 


That  point  wasn't  lost  on 
Lorie  Beam,  director  of  IT  at 
law  firm  Smith.  Anderson. 
Blount.  Dorsett.  Mitchell  6c 
Jemigan  LLP  in  Raleigh.  N.C. 


ccnainly  helps. '  she  said. 

Tied  as  iSCSI  targets  by  Micro- 


Asaro  lauded  EMC  for  its 
introduction  of  the  iSCSI  pro¬ 
tocol  on  its  boxes,  noting  that 
NAS  is  better  than  a  storage- 
area  network  for  certain  file- 
sharing  applications.  "And 
iSCSI  makes  sense  in  conjunc¬ 
tion  with  NAS  because  they 
both  use  the  same  Ethernet 
infrastructure,"  he  said,  "mak¬ 
ing  it  easy  to  install  and  cost- 
effective."  O  49100 


NEWS 


in 


Washington  State  Ferries  Expands 
Wi-Fi  Service  for  Passenger  Use 


We  wrote 

Security. 


(j^j)  iron  port 

Rebuilding  the  World’s  Email  Infrastructure. 
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OPINION 


MARYFRAN  JOHNSON 


Open-Source  Obligations 


SOMEONE  in  the  open-source  community 
should  send  a  nice  bottle  of  champagne 
to  Charlie  Ward,  manager  of  technical  ar¬ 
chitecture  at  Duke  Power.  What’s  worth 
celebrating?  The  way  Ward  and  his  crew 
of  developers  poured  1,000  hours  into  building  a 
framework  to  support  application  development  on 
Microsoft’s  .Net  technology,  then  turned  their  work 


One  CTO  I  spoke  with  last  wt 


lion  with  a  new  software  package 
from  a  major  vendor.  His  developers 
found  a  flaw  in  the  code  and  alerted 
the  vendor,  which  denied  responsibU- 
ity.  saying  that  the  piece  of  code  con¬ 
taining  the  flaw  was  open-source. 
The  customer  atgued  for  the  fix  and 
ultimately  got  it  -  but  the  experience 
raised  a  red  flag  for  the  CTO 


DAN  GILLMOR 

Microsoft 
Security’s 
Weak  link 

Windows  xp  Ser¬ 
vice  Pack  2  is  now 
making  its  way  onto 
computers.  This  major  update 
is  a  step  forward  for  a  company  that 


we  should  be  happy  for  that  mi 


PRODUCTIVITY  ^ 

■  RELIABILITY 


SCAN 


Double  your  productivity  with  Scan2  technology. 


08.30.04 


UCHNOLODY 


QUICKSTUDY 


Directory  Assistance 

Virtual  directories  provide  applica-  Fuzzy  Logic 

-  I  While  Boolean  loeic  solves  nmhlemc 


Once  the  work  of  vandals,  viruses  and  other  malware  are  now 
being  launched  by  criminals  looking  for  profits.  BY  DAN  VERTON 


CYBERSPACE 


Once  the  work  of  vandals,  viruses  and  other  malware  are  now 
being  launched  by  criminals  looking  for  profits.  BY  DAN  VERTON 


SHORTLIST 

YOUR 

SHORTLIST 


a 


TECHNOLOGY 


TECHNOLOGY 


TECHNOLOGY 


Metadirectory  Q  Virtual  Directory 
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TECHNOLOGY 


Fuzzy  Logic 


Fuzzy  logic  is  an  extension  of  classic  Boolean  logic 
designed  to  work  with  imprecise  or  vague  data,  with 
the  concept  of  partial  truth.  Where  classical  reason¬ 
ing  requires  yes  and  no  values,  fuzzy  logic  can  han¬ 
dle  concepts  such  as  "maybe,"  “nearly"  and  “very." 


values  —  the  overall  probability 


the  base  value.  Therefore  if 
mOI.ni  Bob)  0.80.  then 
m  VKRYOLOj  Bob )  0  M 

and  "son  of"  All  have  subjec¬ 
tive  definitions  but  transform 


matically  as  mSHORTTRus- 


» 


TECHNOLOGY 


Fuzzy  Logic 

mum  of  those  values.  As  we 

values  —  the  overall  probability 
continues  to  drop,  eventually 
approaching  0.0.  For  fuzzy  log¬ 
ic,  however,  the  truth  value  re¬ 
mains  high.  Similarly  for  the  or 
operator,  incorporating  more 

methods  as  classic  logic. 

For  example,  let’s  change 

“Bob  is  very  old."  Here  we’re 
using  “very”  as  a  hedge  or  de¬ 
scriptor,  and  this  particular 
hedge  is  often  defined  as 
equivalent  to  the  square  of 

1  Fuzzy  logic  is  an  extension  of  classic  Boolean  logic  1 

■  designed  to  work  with  imprecise  or  vague  data,  with  1 

■  the  concept  of  partial  truth.  Where  classical  reason-  1 

factors  increases  probability 
to  near  1.0.  while  adding  more 

combined  value  at  all,  and  the 
indf  dual*  ^ 1318651  °f  the 

mOLD(Bob)  =  0.80,  then 
mVERYOLD(Bob)  =  0.64. 

Other  hedges  include  “more 

and  “sort  of."  All  have  subjec- 

■  ing  requires  yes  and  no  values,  fuzzy  logic  can  han-  I 

|  <Ue  concepts  such  as  “maybe,”  “nearly”  and  “very.”  1 

Hedging  Your  Bets 

One  thing  that  makes  fuzzy 

membership/truth  values  in  a 
systematic,  reliable  manner. 

048634 

6V  iwsscll  M*  1  indicated  by  a  number  (called  i  Another  difference  becomes 

a  truth  value)  in  the  range.  visible  when  we  look  at  some 

to  define  “hedges,"  or  descrip- 

fuzzy  values.  This  keeps  the 

Kay  is  a  Computerworld  con- 
tributing  writer  in  Worcester, 

Mass,  You  can  contact  him  at 

mnu 
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TECHN0L06Y 


Wbfkshare  Ships 
Protect  Version  3.0 


Asset  Management 
Tools  Improved 


Encryption  Must 
Move  Beyond  SHA 

AT  THE  Crypto  2004  conference  in  Santa  -»i  assume  most  of  you  are  -  this 

Barbara,  Calif.,  this  month,  researchers  an-  news  “  ™p°rta,u- but  not  particularly 

nounced  several  weaknesses  in  common 

hash  functions.  These  results,  while  mathe-  breaking  digital  signatures  or  reading 
matically  sipiificant  aren’t  cause  for  alarm.  But  even 

so,  it  s  probably  time  for  the  cryptography  community  world  is  no  less  secure  after  these  an- 
to  get  together  and  create  a  new  hash  standard.  nouncemems  than  it  was  before. 


lision-free.  This  means  that  it  s  impos-  the  NSA  are  considered  a  sort  of  alien 

sible  to  find  two  messages  that  hash  to  technology:  They  come  ftom  a  superi- 
the  same  hash  value.  The  cryptograph-  or  race  with  no  explanations.  Any  sue  "  ' 

ic  reasoning  behind  these  two  proper-  cessfoi  cryptanalysis  against  an  NSA 

ties  is  subtle,  and  I  invite  curious  read-  algorithm  is  an  interestingdata  point  ^ ‘ 

ers  to  learn  more  in  my  book.  Applied  in  the  eternal  question  of  bow  good  UUVT  MB  AMUIAItt 

Cryptography  (Wiley.  1995).  they  really  are  in  there. 

Breaking  a  hash  function  means  As  a  user  of  cryptographic  systems  © 


Is  Grid  Computing  Ready 
for  Your  Enterprise? 

Computerworld’s  IT  Executive  Summit  Will  Guide  Your  Decision 


Grid  Computing:  Assessing  the 
Reality  and  the  Potential 

Philadelphia  •  September  15,  2004 


Achieve  Business 
Intelligence  Success! 


The  leading  executive  conference  for: 


September  27-29,  2004  •  JW  Marriott  Desert  Springs  Resort  •  Palm  Desert,  California 


For  more  information,  visit  www.biperspectives.com/cw  or  call  1-800-883-9090 


Pieces  of  Web  Pie 


I 


MANAGEMENT 


night  last  night  restoring  a  database  be- 

important.  and  so  is  performance  tun¬ 
ing  and  problem  solving.  In  IT,  you  tend 


TbeThrill 

Of  Crisis 

■  DBAs  are  often  the 
last  to  be  involved  in 
planning  but  the  first  to 
be  called  when  things  go  wrong. 


down.  IT  people  sometimes  think  they 
get  brought  into  it  because  they  have 


your  rote?  Business  people  think  IT 
can  do  anything,  but  they  need  to  know 


wwrtdyou  bo?  A  detective.  Trying  to 
mation  and  apply  them  appropriately 


MANAGEMENT 
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..From  IT 
Governance 

To  Hacking 


Recent  man¬ 
agement  books 
provide  tips 
on  IT  gover¬ 
nance,  CIO 
survival,  agile 
project  man¬ 
agement  and 
understanding 
hackers. 


* 

^Product,  'M 


IT  Governance:  How  Top  IT  governance  committee 
Performers  Manage  IT  while  the  authors  acknowl- 

Oecision  Rights  for  Superior  edge  that  there  is  no  one-size- 
Results.  by  Peter  Weill  and  Jeanne  fits-ail  approach  to  effective 

W.  Ross  (Harvard Business  School  IT  governance,  their  research 

Press.  2004; 269 pages.  $35)  finds  that  companies  that  are 

IT  governance  is  a  pressing  focused  on  either  profits  or 
issue  these  days,  particularly  growth  tend  to  have  similar 

since  technology  - -  governance  models. 

spending  accounts  for  The  book  is  aimed 

up  to  half  of  all  capital  BUIMPP  at  for-profit  compa- 

rately  describe  IT  governance  not-for-profits/This  is  highly 
within  theh^companies,  much  recommended  reading  for 


insights  from  several  leading 
management  gurus,  including 
Harvard  Business  School's 

igZZZSZSSSL 


About  Security  Threats 

by  The  Honeynel  Protect  (AaOrsof’- 
Wesley.  2004;  768 pages.  S4999) 


CIO  Survival  Guide:  The 
Roles  and  Responsibilities  of 
the  Chief  Information  Officer 

by  Kail  D.  Schubert  (Mm  Wiley  i  \ 

Sons.  2004. 294 pages  S45)  This 


Weill  and  Ross,  research  sci-  "  -----  -  - 

enlists  at  the  Center  for  Infer-  Agile  Project  Management: 
mation  Systems  Research  at  Creating  Innovative  Products 
MIT's  Sloan  School  of  Man-  byJmHighsmitf>(AMson-Wesley. 
agetnent.  do  just  that  and  2004; 277 pages  $34.95).  Al- 
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EXEC  TRACK 


GOPAL  K.  KAPUR 


Intelligent 

Disobedience 


D 


ISCUSSIONS  with  project  managers  about 
the  key  causes  of  failed  and  challenged  proj¬ 
ects  always  raise  two  primary  issues:  half- 
baked  or  harebrained  ideas  becoming  proj- 


Transplace  Picks 

Cashman  for  CTO  ects.  and  excessive  scope  creep. 

Traditionally,  senior  management  is  charged  with 
conceiving  ideas  that  will  drive  the  organization  to¬ 
ward  profitability  and  in-  baked  idea  that  turns  int 


the  dog  finally  proceeds.  \ 
imagine  the  consequences 
It's  important  to  note  thi 


■  if 


Got  Questions  About 
Network  Consolidation? 

Computer-world's  IT  Executive  Summit  Has  the  Answers 


sgsjttg  message  by  using  three 


IT  Careers  Wants  unique  IDG  publications: 
You! 

Take  the  hassle  out  of  CompUteTWOrld, 

job  searching  and 
check  us  out  at 

www.itcareers.com.  Info  World  and 

Today,  more  than  ever, 

the  right  skills  fuel  the  XT  i  wr  i  i 

Network  World 

new  economy  and  IT 
Careers  wants  you  to  be 

there.  Check  us  out  at:  Call:  (800)  762-2977 

www.itcareers.com 
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THE  BUCK  PA6E 


Shred,  Burn,  Erase 


How  do  You  DEAL  with  the  sensitive  data  on  your 
high-tech  junk?  One  way  is  to  send  your  old  PCs  to  a 
company  that  makes  a  business  of  handling  decom¬ 
missioned  corporate  computers.  These  days,  they’ll 
charge  you  an  extra  $10  to  $30  just  to  make  sure  the 
hard  disks  are  completely  erased  [QuickLink  49063]. 

Sure,  that’s  more  than  you  want  to  spend.  But  it's  a  bargain  com¬ 
pared  with  what  a  lawsuit  might  cost  if  sensitive  customer  informa¬ 
tion  leaks  out  of  your  company  on  the  unerased  hard  disk  of  a  dis¬ 
carded  PC.  It’s  a  small  price  to  pay  for  peace  of  mind. 

But  if  what  you  want  is  peace  of  mind,  it’s  nowhere  near  enough. 


Just  Keeping  His  Options  Open 

For  this  online  sales  farm,  there  are  60  pages  of  specs 
identifying  whether  fields  are  required  or  optional. -But 
during  beta  testing,  the  VP  of  sales  goes  ballistic  be¬ 
cause  we  don't  let  tfiem  submit  a  quote  without  ttie 
required  fields.- says  developer  plot  Ifeti. -He  teb  us 
that  the  fields  are  only  required  if  the  user  Knows  the 
information  -  otherwise  ftey're  optional.-  How  can  IT 


says.  Tfs  ou  job  to  figure  out  how  Id  do  If 

Him,  W<?  SHARK  Sp 
***■  ml  S^re*. 


THE  BACK  PA6E 


FRANK  HAYES  •  FRANKLY  SPEAKING 

Shred,  Bum,  Erase 


HOW  DO  YOU  DEAL  WITH  the  sensitive  data  on  your 
high-tech  junk?  One  way  is  to  send  your  old  PCs  to  a 
company  that  makes  a  business  of  handling  decom¬ 
missioned  corporate  computers.  These  days,  they’ll 
charge  you  an  extra  $10  to  $30  just  to  make  sure  the 
hard  disks  are  completely  erased  [QuickLink  49063], 

Sure,  that’s  more  than  you  want  to  spend.  But  it’s  a  bargain  con 
pared  with  what  a  lawsuit  might  cost  if  sensitive  customer  informa 
tion  leaks  out  of  your  company  on  the  unerased  hard  disk  of  a  dis¬ 
carded  PC.  It’s  a  small  price  to  pay  for  peace  of  mind. 

But  if  what  you  want  is  peace  of  mind,  it’s  nowhere  near  enough. 

Does  that  sound  a  little  paranoid?  Maybe  it  is.  i  point  of  failure  of  one  disk-w  ' 


They  multifunction,  multitask  and  multi-simplify. 


Drive  the  value  of  your  investment  in 
operational  software.  Once  and  for  all. 


www.sas.com/itbreakthrough 


The  Power  to  Knew. 


